Apache SSL Configuration

Apache SSL Configuration
Madhukar Gunda
Creation and Installation of SSL Certificate

Pre requisite: Openssl needs to be installed.
1. Creation of the certificate files

Open command prompt and navigate to folder C:\Program Files\GnuWin32\bin> Run the following command to create a .csr file using the command prompt, assuming that openssl.exe and openssl.cnf are located in currently working directory: openssl req -config openssl.cnf -new -out certificate.csr Enter a fairly complex password and make a note of it. (In this case password) Enter the following information (You may check the previous information in cert. if it is a renewal): Country Name (2 letter code) :IN <-- The country code State or Province Name (full name) :AP <-- State Locality Name (e.g., city) :Hyderabad <-- City Organization Name (e.g., company) :room <-- Always Ericsson. Organizational Unit Name (e.g., section) :IT Room Services <-- Always IT Services Common Name (e.g., your website's domain name) :simple<-- The domain name Email Address :network.security@ericsson.com <-- Always madhukar.b4u@gmail.com Challenge password: <-- Just press enter... This is not necessary. Run the following command to create a .key file, using command prompt, and assuming that openssl.exe is located in the current work directory: openssl rsa -in privkey.pem -out certificate.key Use the previously chosen password to extract the Private Key to a separate file called certificate.key. Key file will be generated in the same working directory.
Madhukar Gunda
Madhukar Gunda
Now you should have a CSR file and a private key file in the same directory. The CSR file will be used in the signing request, and the private key should be kept for installation.
2. Raise the Certificate Request
Goto google and type SSL Certigicate and open Verising site Click on Free 30 day SSL Trial Click on Verisign @ SSL Test Ceritificate Step1:
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Your browser's padlock icon will be displayed in the locked position if your certificate is installed correctly and the server is properly configured for SSL.
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Open C:\bea\SSLCert\ certreq.csr file and copy the content as specified in the below screen and submit the certreq.csr
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
You will get the Mail to your mail box as shown below
Verisign will send you the Certificate file in the mail 1. Root CA 2. Intermediate CA 3. Certificate in mail body content click on each link as shown in the below mail to download Download the Root CA :-
Madhukar Gunda
Madhukar Gunda
Click the link
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Click on select all button and copy in to one text file in C:\bea\SSLCert and named it as CA.crt Goto second link which received the mail. Do the same for intermediate certificate as well
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Copy the content and saved as public.crt
Goto google and type SSL Certigicate and open Verising site Click on Free 30 day SSL Trial Click on Verisign @ SSL Test Ceritificate Step5: Total 3 files
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Your browser's padlock icon will be displayed in the locked position if your certificate is installed correctly and the server is properly configured for SSL.
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Open C:\bea\SSLCert\ certreq.csr file and copy the content as specified in the below screen and submit the certreq.csr
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
You will get the Mail to your mail box as shown below
Verisign will send you the Certificate file in the mail 1. Root CA 2. Intermediate CA click on each link as shown in the below mail to download Download the Root CA :-
Madhukar Gunda
Madhukar Gunda
Click the link
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Click on select all button and copy in to one text file in C:\bea\SSLCert and named it as RootCA.crt Goto second link which received the mail. Do the same for intermediate certificate as well and named it as intermediate.crt
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Madhukar Gunda
Copy the content and saved as public.crt
Total 3 files
Madhukar Gunda
Madhukar Gunda
3. Configuration on the Server.

On the server, move to the conf folder of Apache HTTP server installation. In this case, E:/Program Files/Apache Software Foundation/Apache2.2/conf/ Under this folder, open httpd.conf Make sure the server IP is set to default HTTP port. Uncomment the below two lines as in the figure (Needed only for fresh installation) LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
Move to folder Apache2.2/conf/extra Under this folder, open httpd-ssl.conf
Madhukar Gunda
Madhukar Gunda
Mention the paths of .crt and .key files under SSLCertificateFile and SSLCertificateKeyFile.
Madhukar Gunda
Madhukar Gunda
Copy the Certificate and the Key files under the path mentioned in httpd-ssl.conf
Restart the apache server and access the URL with https.
install Root CA certificate in browser . Then it wont ask the security error
Madhukar Gunda

Apache SSL Configuration - 1 Way SSL - Browser To Apache

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Apache SSL Configuration - 1 Way SSL - Browser To Apache

Hochgeladen von

Copyright:

Verfügbare Formate

Creation and Installation of SSL Certificate

1. Creation of the certificate files